hi , please help me for securing jmx-console and web-console for jboss as i have tried the following thing,

Out of the box jmx-console and the web console are accessable to anyone who can access your server viathe following url: http://yourserver:8080/jmx-console. The good news is that both jmx-console and web-consoleare standard servlet so they can be protected easily by enabling the security-constraint. Our exampleuses the default server model.1. edit \server\default\deploy\jmx-console.war\WEB-INF\web.xmland uncomment the security-constraint<!-- A security constraint that restricts access to the HTML JMX consoleto users with the role JBossAdmin. Edit the roles to what you want anduncomment the WEB-INF/jboss-web.xml/security-domain element to enablesecured access to the HTML JMX console. -->

2. Edit \server\default\deploy\jmx-console.war\WEB-INF\jboss-web.xml. Uncomment the following block:<jboss-web><!-- Uncomment the security-domain to enable security. You willneed to edit the htmladaptor login configuration to setup thelogin modules used to authentication users.--><security-domain>java:/jaas/jmx-console</security-domain>

</jboss-web>

3. Edit \server\default\conf\props\jmx-console-roles.properties

4. Edit \server\default\conf\props\jmx-console-users.properties

The only change above should be to jmx-console-users.properties, i.e, set a password.

5. While you are in directory make copies of the two jmx-console properties files and call them web-console-roles.propertiesand web-console-users.prperties respectively.6. The property files for web-console currently exist under \server\default\deploy\management\console-mgr.sar\web-console.war\WEB-INF\classes.I would rename these files.7. edit \server\default\conf\login-config.xml

In the above you need to add the props/ because this is missing in the original file. If you do not dothis the login procedure will look for the properties file under web-console.war\WEB-INF\classes and if you have not renamed the properties file there it will try anduse those.Remember to bounce JBoss after you are done. Out of the box jmx-console and the web console are accessable to anyone who can access your server viathe following url: http://yourserver:8080/jmx-console. The good news is that both jmx-console and web-consoleare standard servlet so they can be protected easily by enabling the security-constraint. Our exampleuses the default server model.1. edit \server\default\deploy\jmx-console.war\WEB-INF\web.xmland uncomment the security-constraint<!-- A security constraint that restricts access to the HTML JMX consoleto users with the role JBossAdmin. Edit the roles to what you want anduncomment the WEB-INF/jboss-web.xml/security-domain element to enablesecured access to the HTML JMX console. -->

2. Edit \server\default\deploy\jmx-console.war\WEB-INF\jboss-web.xml. Uncomment the following block:<jboss-web><!-- Uncomment the security-domain to enable security. You willneed to edit the htmladaptor login configuration to setup thelogin modules used to authentication users.--><security-domain>java:/jaas/jmx-console</security-domain>

</jboss-web>

3. Edit \server\default\conf\props\jmx-console-roles.properties

4. Edit \server\default\conf\props\jmx-console-users.properties

The only change above should be to jmx-console-users.properties, i.e, set a password.

5. While you are in directory make copies of the two jmx-console properties files and call them web-console-roles.propertiesand web-console-users.prperties respectively.6. The property files for web-console currently exist under \server\default\deploy\management\console-mgr.sar\web-console.war\WEB-INF\classes.I would rename these files.7. edit \server\default\conf\login-config.xml

In the above you need to add the props/ because this is missing in the original file. If you do not dothis the login procedure will look for the properties file under web-console.war\WEB-INF\classes and if you have not renamed the properties file there it will try anduse those.Remember to bounce JBoss after you are done.

but still its not asking the prompt for the authentication after bouncing the jboss app server.